69b3ee23201e0e1aec8a6c80db54fdc6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

69b3ee23201e0e1aec8a6c80db54fdc6_JaffaCakes118
Size

537KB
MD5

69b3ee23201e0e1aec8a6c80db54fdc6
SHA1

26ac8f623732396548fffc4fa471be3249358e3b
SHA256

887bb7849b461fa7aff52108b3bb81cff52ec2832170a77a9e6dafc6176b69dc
SHA512

84d8fea8864a6550782cb4f7e1ce1f75a784a2719d6a05069faf037b164784554a3212fbf4d3581b1fc16ccbca567c8a2d4baf7313acff8f59fea121016fd1a4
SSDEEP

12288:ZRF/TgQjA1IZpg6WHrD8vItOURWXGJ75B:ZRFkQjAekzrDWItTRr5B

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69b3ee23201e0e1aec8a6c80db54fdc6_JaffaCakes118

Files

69b3ee23201e0e1aec8a6c80db54fdc6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cf2fe266501a42b959b8f444a783d12f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
MessageBoxA

advapi32

RegQueryValueExA

oleaut32

SysFreeString

ws2_32

ntohs

Sections

CODE
Size: - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf2fe266501a42b959b8f444a783d12f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

Sections

CODE Size: - Virtual size: 110KB

DATA Size: - Virtual size: 4KB

BSS Size: - Virtual size: 4KB

.idata Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 37KB

.vmp1 Size: - Virtual size: 398KB

.vmp2 Size: 534KB - Virtual size: 534KB

.reloc Size: 512B - Virtual size: 156B

CODE
Size: - Virtual size: 110KB

DATA
Size: - Virtual size: 4KB

BSS
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 37KB

.vmp1
Size: - Virtual size: 398KB

.vmp2
Size: 534KB - Virtual size: 534KB

.reloc
Size: 512B - Virtual size: 156B